Chapter 7 Securing Information Systems
|
|
- Helena Ford
- 8 years ago
- Views:
Transcription
1 1 Chapter 7 Securing Information Systems LEARNING TRACK 3: COMPUTER FORENSICS For thirty years, a serial murderer known as the BTK killer (standing for bind, torture, and kill) remained at large in Wichita, Kansas. The BTK killer first struck in 1971 with the murder of four members of a Wichita family in their home and committed his last in this early period murder in He then resurfaced between March 2004 and February 2005, sending a letter to a local news paper and eventually a floppy disk to the city police department. The disk contained a file labeled "Test A.RTF" with the message "This is a test." Additional investigation found that the disk was opened in computers at Wichita's Christ Lutheran Church and the file was last saved by a user named "Dennis." This information led police to Dennis Rader, president of the congregation, who was proven via DNA analysis and examination of Rader's computer to be the BTK killer. Computer forensics played an important role in breaking this case. What Is Computer Forensics? Computer forensics is the scientific collection, examination, authentication, preservation, and analysis of digital data so that the information can be used as evidence in a court of law. Both local and federal law enforcement agencies use computer forensics to gather evidence for criminal cases or to obtain more information about a suspect. Large corporations may hire a computer forensics expert to monitor employee computer activities to make sure employees are not leaking sensitive or critical company information or using company computer resources in harmful ways. Computer forensics can be an indispensable tool in divorce cases where one party may be trying to conceal or secretly transfer wealth, or there is suspicion of infidelity or other conduct that would constitute "fault" in divorce proceedings. The divorce discovery process will be looking for digital evidence such as names and addresses of financial institutions, fund transfers, hidden accounts, real estate holdings, debt information, account activity, and and instant message communication with other people. The party that fails to disclose an asset during the divorce process may be required to pay attorney's fees and turn over the asset to the other party or to the court in a receivership proceeding, in addition to losing credibility in the divorce proceeding as a whole. For instance, computer forensics facilitated the discovery of records related to a family-owned business. The profit and loss statements and general ledgers for a fouryear period provided by the spouse that operated the business appeared to minimize corporate assets and income. A forensic analysis of the computer system where the records were stored showed that a program designed to erase data was downloaded and used to remove items from the hard drive shortly before the computer was turned over to the forensic examiner. The forensic examiner additionally determined that the financial records that had been provided by the spouse had been generated by a program version that was not in use at the time the records were purportedly created. As a result, the court concluded that the records had been modified and imposed a sanction against the spouse that had provided the records.
2 Computer forensics requires specialized expertise and tools that go beyond the normal data collection preservation techniques employed by end users and information systems departments. This field also requires legal knowledge because digital evidence must adhere to the standards of evidence that are admissible in a court of law. Before performing an investigation, the examiner must make sure he or she has the legal authority to search for digital data. Computer forensics experts perform a variety of tasks: Identify sources of digital or documentary evidence Preserve the evidence Analyze the evidence Present the findings. Digital Evidence Digital evidence consists of any information stored or transmitted in digital form that can be used in court for either criminal or civil cases. Digital evidence can be found in , voice mail, instant messaging, Web browsing histories, digital photographs and video, computer disk drives, CDs, DVDs, USB storage devices, ipods and MP3 players, smart phones, cell phones, pagers, photocopiers, fax machines, and Global Positioning System (GPS) tracks. is now a primary means of communication and a major source of digital evidence. This evidence may be found in the body of the or in an attachment. E- mail data may be stored on a local hard drive, a network device, a dedicated mail server, or a removable device, and the forensic examiner will search all of these devices. All messages generate headers attached to the messages that contain valuable information such as the time the message was sent, identities of sender and recipient, and the sender's domain name. The headers may contain "reply to" information that allow threads to be reconstructed. The high volume of makes it difficult for an examiner to search each message. Forensic experts typically will make copies of s and attachments and look for incriminating evidence using keyword searches. Computer forensics specialists are often called in to recover data that has been deleted from a device. Many computer users do not realize that there are tools for recovering data on a computer hard drive after a file has been deleted. In addition to recovering "deleted" files, computer forensics specialists can examine local network connections to gather evidence from data transmissions or uploads of files. Obtaining Digital Evidence CHAPTER 7: Learning Track 3 2 Like any other piece of evidence used in a legal case, the information obtained by a computer forensics investigation must follow the standards of admissible evidence in a court of law. Those presenting electronic evidence must be able to demonstrate the reliability of the computer equipment, the manner in which the basic data were initially entered, measures taken to ensure the accuracy of the data as entered, the method of storing the data, precautions taken to prevent its loss, and the accuracy and reliability of the computer programs used to process the data. If the individual who generated the digital evidence has not consented to having his or her computer system examined, the computer forensics expert must make sure that he or she has the legal authority to seize, examine, and image the individual's computer devices. The computer forensics investigator needs to document all work done to a com-
3 puter and all information found. An investigator who uses a faulty procedure may invalidate all the digital evidence collected. To make sure evidence is not lost, destroyed, or compromised, the following guidelines should be followed: 1. Only use tested tools and methods that have been tested and validated for accuracy and reliability. 2. Handle the original evidence as little as possible to avoid changing data. 3. Document everything done. 4. Establish and maintain a chain of custody. 5. Never exceed personal knowledge Unless it is completely unavoidable, digital evidence should not be analyzed using the same machine from which it was collected. Instead, forensic image copies of the contents of computer storage devices (primarily hard drives) are made. If a machine is suspected of being used for illegal communications, such as terrorist traffic, important information may not be stored on the hard drive. Several Open Source tools are available to analyze open ports, mapped drives, or open encrypted files on the live computer system. These stools can also scan RAM and Registry information to show recently accessed Web-based sites and the login/password used to access these sites or recently accessed local applications such as MS Outlook. The Registry is a database used by the Windows operating system to store configuration information, such as settings for hardware, system software, installed programs, and user preferences. This information may help a forensic investigation by showing, for example, whether someone tried to uninstall a program. It is possible that the expert trying to analyze a live computer system will make changes to the contents of the hard drive. During each phase of the analysis, the forensic examiner needs to identify the information that will be lost when the system powers down, balancing the need to potentially change data on the hard drive with the evidentiary value of the perishable data. When a live analysis is being conducted, data that are most likely to be modified or damaged first must be captured first. So the examiner will first inspect data in network connections, followed by analysis of running computer programs, then the contents of RAM, which may include information on all running programs, recently run programs, passwords, encryption keys, personal information, and system and program settings. Next operating systems will be examined, including user lists, currently logged in users, system data and time, currently accessed files, and current security policies. Finally, the hard drive will be imaged to create an exact duplicate. Forensic examiners can completely duplicate an entire hard drive using a standalone hard drive duplicator or software imaging tools such as DCFLdd or IXimager, storing the duplicate on another hard disk drive, a tape, or other media. The original drive will be moved to secure storage to prevent tampering and some type of hardware write tool will be used to ensure the original hard drive cannot be written on again. Table 1 shows some of the leading software tools used for these activities. Careers in Computer Forensics Computer forensics is a blossoming field, given the increasing amount of public discussion and legislation aimed controlling computer crime, identity theft, data leakage, and data protection. The FBI anticipates that nearly fifty percent of its criminal cases will involve computer forensics work in the future. The nature of crime itself is changing as criminals learn how to exploit weaknesses in computers, networks, and their CHAPTER 7: Learning Track 3 3
4 CHAPTER 7: Learning Track 3 4 TABLE 1 DIGITAL FORENSIC SOFTWARE TOOLS SOFTWARE TOOL EnCase Forensics DCFLdd AccessData Forensic Toolkit Mailbag Assistant IsoBuster IX Imager Paraban Device Seizure SMART Helix DESCRIPTION Comprehensive tool capable of performing both file imaging and analysis, and analyzing and documenting multiple formats. Open source tool that is often used to create bitstream image files of media as part of a forensic acquisition process. Can hash data as it is being transferred, helping to ensure data integrity, verify that a target drive is a bit-for-bit match of the specified input file or pattern, and output to multiple files or disks at the same time. Performs imaging, decryption, and analysis, supporting many file and imaging formats. Tools for searching, organizing, and analyzing in many different formats. Data recovery tool for examining CDs and DVDs. Works with multiple CD and DVD file formats and CD image files. Is capable of viewing and accessing data on CDs and DVDs from both open and closed sessions, thereby displaying data which may not be readily accessible by other forensic software tools Linux-based digital media acquisition tool, with the ability to compress and/or encrypt image files and provide imaging accuracy in the face of damaged media, hidden geometries, and under adverse conditions. Works with devices that otherwise cannot be imaged in a Windows environment, include USB devices, server RAID systems, and tape. Provides deleted data recovery and full data dumps of certain cell phone models Software utility that can acquire data from digital devices and clone it to any number of images and devices simultaneously. Able to recover deleted data and interpret file system metadata, and to perform an on-site or remote preview of a target system. Includes more than 35 tools for incident response and forensic analysis, including tools for wiping data from disks, recovering data from slack space, and viewing the Windows Registry. business applications in finance and accounting. Computer forensics professionals are referred to by many titles, including computer forensics investigator, digital forensics detectives, and digital media analysts. All these jobs deal with the investigation of digital media. A computer forensics investigator is responsible for collecting and evaluating data stored or encrypted on digital media or for recovering data that have been deleted from a computer device. The investigator is also charged with securing the data and
5 ensuring they are not accidentally damaged during an investigation. Once the investigation is complete, the computer forensics investigator will write a detailed report describing the findings of the investigation. Computer forensics investigators work with law enforcement agencies, large corporations, or consulting firms or they operate on their own as freelance consultants to businesses that do not need or cannot afford a full-time computer forensics professional. A computer forensics director is typically responsible for managing a team of computer forensics investigators in a law enforcement agency, large corporation, or computer forensics consulting firm. Computer forensics directors must have good management skills and are responsible for ensuring that all legal procedures and company policies are carefully followed. This position generally requires a bachelor's degree, usually in management, computer security, criminal justice, or computer forensics. The salary for computer forensics professionals ranges for $85,000 to $120,000 per year, with salaries at private companies usually higher than those in law enforcement. Computer forensics directors typically earn salaries in the range of $120,000 to $160,000. The two most common certifications for computer forensics investigators are the Certified Information Systems Security Professional (CISSP) and the Certified Computer Examiner (CCE). The CISSP is offered by the International Information Systems Security Certification Consortium, or ISC. To be certified, individuals must pass a six-hour CISSP examination. Candidates for the CISSP exam should have at least four years of professional experience in information security or a college degree and three years of experience. The Certified Computer Examiner (CCE) certification demonstrates competency in computer forensics. The CCE credential is offered by the International Society for Computer Examiners (ISFCE). To qualify for the CCE, candidates should have at least 18 months of professional experience or documented training, pass an online examination. and perform a forensic examination on at least three "test media." Digital Forensic Degree Programs Many computer forensics professionals acquire expertise while on the job in law enforcement and computer security positions, but formal education is becoming more necessary as a requirement for these positions. There are computer forensics certificate programs for people who already have some career knowledge. People with no law enforcement or security background can pursue an associates' degree, a bachelors' degree or a masters degree programs in computer forensics. For positions such as forensic team leaders or bureau supervisors, a graduate degree is desirable. All computer forensics specialists must have a solid comprehension of the law. They must understand how to properly and legally handle evidence and how to use a variety of methods for evidence discovery and retrieval. Computer forensics specialists will need knowledge of computer systems and programs and how to retrieve information from them. Computer forensic degree programs offer courses in business and criminal law along with course work in computer systems and programs and courses in technical writing and public speaking. Many of these degree programs require completion of an internship with local agencies or computer forensics professionals prior to graduation to provide real-world working experience. The associate's degree in computer forensics is a two year study program that includes courses in cybercrime, intrusion detection systems, and legal basics, along with courses in technical writing, algebra, and public speaking. The bachelor's degree in computer forensics is a four-year program providing computer forensics knowledge along with general education. Graduates typically take courses in criminal law, computer operating systems, and intrusion detection systems CHAPTER 7: Learning Track 3 5
6 CHAPTER 7: Learning Track 3 6 along with courses in technical writing, economics, and statistics. A few colleges and universities, such as Utica College of Syracuse University, Keiser University, and Marymount University in Arlington, Virginia, offer bachelor's degree programs in computer forensics. Many more colleges are planning new programs in computer forensics. Master's degree programs in computer forensics are typically pursued by law enforcement and computer security professionals who have already earned bachelor's degrees. These programs require course work in digital forensics, computer security and fraud analysis. Educational institutions offering a computer forensics master's degree include the University of Central Florida, John Jay College of Criminal Justice, Marshall University, and the University of East London.
Overview of Computer Forensics
Overview of Computer Forensics Don Mason, Associate Director National Center for Justice and the Rule of Law University of Mississippi School of Law [These materials are based on 4.3.1-4.3.3 in the National
More informationMSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1
MSc Computer Security and Forensics Cohort: MCSF/09B/PT Examinations for 2009-2010 / Semester 1 MODULE: COMPUTER FORENSICS & CYBERCRIME MODULE CODE: SECU5101 Duration: 2 Hours Instructions to Candidates:
More informationThe Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices
The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices Introduction As organizations rely more heavily on technology-based methods of communication, many corporations
More informationhttps://agency.governmentjobs.com/dakota/job_bulletin.cfm?jobid=1017820
Page 1 of 5 DAKOTA COUNTY Employee Relations Administration Center, 1590 Highway 55 Hastings, MN 55033-2372 651.438.4435 http://www.dakotacounty.us INVITES APPLICATIONS FOR THE POSITION OF: Electronic
More informationHands-On How-To Computer Forensics Training
j8fm6pmlnqq3ghdgoucsm/ach5zvkzett7guroaqtgzbz8+t+8d2w538ke3c7t 02jjdklhaMFCQHihQAECwMCAQIZAQAKCRDafWsAOnHzRmAeAJ9yABw8v2fGxaq skeu29sdxrpb25zidxpbmznogtheories...ofhilz9e1xthvqxbb0gknrc1ng OKLbRXF/j5jJQPxXaNUu/It1TQHSiyEumrHNsnn65aUMPnrbVOVJ8hV8NQvsUE
More informationDigital Forensics. Larry Daniel
Digital Forensics Larry Daniel Introduction A recent research report from The Yankee Group found that 67.6 percent of US households in 2002 contained at least one PC The investigators foresee three-quarters
More informationIntroduction to Network Security Comptia Security+ Exam. Computer Forensics. Evidence. Domain 5 Computer Forensics
Introduction to Network Security Comptia Security+ Exam Domain 5 Computer Forensics Computer Forensics Forensics relates to the application of scientific knowledge and method to legal problems Investigating
More informationDigital Forensics Tutorials Acquiring an Image with FTK Imager
Digital Forensics Tutorials Acquiring an Image with FTK Imager Explanation Section Digital Forensics Definition The use of scientifically derived and proven methods toward the preservation, collection,
More informationComputer Forensics Processing Checklist. Pueblo High-Tech Crimes Unit
Computer Forensics Processing Checklist Pueblo High-Tech Crimes Unit Cmdr. Dave Pettinari Pueblo County Sheriff's Office davepet@cops.org The purpose of this document is to provide computer forensic technicians
More informationCOMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL)
COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL) COURSE DESCRIPTION: Computer Forensics is focused on teaching
More informationDigital Forensics for Attorneys Overview of Digital Forensics
Lars Daniel,, EnCE, ACE, CTNS Digital Forensic Examiner Digital Forensics for Attorneys Overview of Digital Forensics Digital Forensics For Attorneys Overview of Digital Forensics Types of Digital Evidence
More informationDigital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic
I Digital Forensic A newsletter for IT Professionals Education Sector Updates Issue 10 I. Background of Digital Forensic Definition of Digital Forensic Digital forensic involves the collection and analysis
More informationIntroduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014
Introduction to Data Forensics Jeff Flaig, Security Consultant January 15, 2014 WHAT IS COMPUTER FORENSICS Computer forensics is the process of methodically examining computer media (hard disks, diskettes,
More informationEC-Council Ethical Hacking and Countermeasures
EC-Council Ethical Hacking and Countermeasures Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More informationBDO CONSULTING FORENSIC TECHNOLOGY SERVICES
BDO CONSULTING FORENSIC TECHNOLOGY SERVICES MARCH 2013 AGENDA Introduction About BDO Consulting Computer Forensics & E-Discovery Practice Current Trends Case Studies Q&A Page 2 Michael Barba Managing Director,
More informationCCE Certification Competencies
CCE Certification Competencies May 10, 2012 Page 1 The Certified Computer Examiner (CCE) has evolved into one of the most desired certifications in the computer forensics industry. The certification is
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationComputer Forensics. Liu Qian, Fredrik Höglin, Patricia Alonso Diaz. Uppsala University 2007-10-08
Computer Forensics Liu Qian, Fredrik Höglin, Patricia Alonso Diaz Uppsala University 2007-10-08 Outline This PM will give a brief overview of the field of computer forensics, including background, definitions,
More informationLecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation
Computer Forensics and Digital Investigation Computer Security EDA263, lecture 14 Ulf Larson Lecture outline! Introduction to Computer Forensics! Digital investigation! Conducting a Digital Crime Scene
More informationDigital Forensics: The aftermath of hacking attacks. AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC
Digital Forensics: The aftermath of hacking attacks AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC Topics Digital Forensics: Brief introduction Case Studies Case I:
More informationDigital Forensics & e-discovery Services
Digital Forensics & e-discovery Services U.S. Security Associates Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities
More informationDigital Forensics & e-discovery Services
Digital Forensics & e-discovery Services Andrews International Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities
More informationChapter 15: Computer Security and Privacy
Understanding Computers Today and Tomorrow 12 th Edition Chapter 15: Computer Security and Privacy Learning Objectives Explain why all computer users should be concerned about computer security. List some
More informationAbout Your Presenter. Digital Forensics For Attorneys. Overview of Digital Forensics
Larry E. Daniel, EnCE, DFCP, BCE Digital Forensic Examiner Digital Forensics for Attorneys An Overview of Digital Forensics About Your Presenter EnCase Certified Examiner (EnCE) Digital Forensics Certified
More informationDigital Forensics, ediscovery and Electronic Evidence
Digital Forensics, ediscovery and Electronic Evidence By Digital Forensics What Is It? Forensics is the use of science and technology to investigate and establish facts in a court of law. Digital forensics
More informationBreakfast Meeting: Securing your Secured Data Digital Forensics, Fraud and Forensic Advancements
Breakfast Meeting: Securing your Secured Data Digital Forensics, Fraud and Forensic Advancements 9 April 2013 Facilitator: Dr. Sheau-Dong Lang, Coordinator Master of Science in Digital Forensics University
More informationInfoSec Academy Forensics Track
Fundamental Courses Foundational Courses InfoSec Academy Specialized Courses Advanced Courses Certification Preparation Courses Certified Information Systems Security Professional (CISSP) Texas Security
More informationSouthern Law Center Law Center Policy #IT0014. Title: Privacy Expectations for SULC Computing Resources
Southern Law Center Law Center Policy #IT0014 Title: Privacy Expectations for SULC Computing Resources Authority: Department Original Adoption: 5/7/2007 Effective Date: 5/7/2007 Last Revision: 9/17/2012
More informationTen Deadly Sins of Computer Forensics
Ten Deadly Sins of Computer Forensics Cyber criminals take advantage of the anonymity of the Internet to escape punishment. Computer Forensics has emerged as a new discipline to counter cyber crime. This
More informationWHAT TO DO WHEN YOU RECEIVE A LITIGATION HOLD NOTICE. A Guide for University Faculty, Staff, and Others
WHAT TO DO WHEN YOU RECEIVE A LITIGATION HOLD NOTICE A Guide for University Faculty, Staff, and Others What is a Litigation Hold Notice? Notice from an authorized UW department (Attorney General s Office,
More informationDeveloping Computer Forensics Solutions for Terabyte Investigations
Developing Computer Forensics Solutions for Terabyte Investigations Eric Thompson Corporation Orem, Utah USA www.accessdata.com Overview Computer Forensic Definition, Objectives and Policies History of
More informationCertified Digital Forensics Examiner
Cyber Security Training & Consulting Certified Digital COURSE OVERVIEW 5 Days 40 CPE Credits $3,000 Digital is the investigation and recovery of data contained in digital devices. This data is often the
More informationBest Practices for Incident Responders Collecting Electronic Evidence
Best Practices for Incident Responders Collecting Electronic Evidence rev. April 2013 Prepared by: Rick Clyde Forensic Examiner rick.clyde@cwcsecurity.com M: (402) 709-6064 Chris Hoke Principal and Owner
More informationComputer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065
Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Introduction The Computer Forensics and Investigation course presents methods to properly conduct a computer forensics investigation
More informationThe Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training
The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.
More informationDigital Forensics. Tom Pigg Executive Director Tennessee CSEC
Digital Forensics Tom Pigg Executive Director Tennessee CSEC Definitions Digital forensics Involves obtaining and analyzing digital information as evidence in civil, criminal, or administrative cases Analyze
More informationSufficiency of Windows Event log as Evidence in Digital Forensics
Sufficiency of Windows Event log as Evidence in Digital Forensics Nurdeen M. Ibrahim & A. Al-Nemrat, Hamid Jahankhani, R. Bashroush University of East London School of Computing, IT and Engineering, UK
More informationRule 30(b)(6) Depositions in Electronic Discovery. Discovering What There Is to Discover
: Discovering What There Is to Discover One of the challenges in electronic discovery is identifying the various sources of electronically stored information (ESI) that could potentially be relevant to
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationCYBER FORENSICS (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 CYBER FORENSICS (W/LAB) Course Syllabus Course Number: CSFS-0020 OHLAP Credit: Yes OCAS Code: 8134 Course Length: 130 Hours Career Cluster: Information
More informationAcceptable Use of Information Systems Standard. Guidance for all staff
Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not
More informatione-discovery Forensics Incident Response
e-discovery Forensics Incident Response NetSecurity Corporation 21351 Gentry Drive Suite 230 Dulles, VA 20166 VA DCJS # 11-5605 Phone: 703.444.9009 Toll Free: 1.866.664.6986 Web: www.netsecurity.com Email:
More informationCase study on asset tracing
Recovering Stolen Assets: A Practitioner s Handbook ARNO THUERIG * Case study on asset tracing I. Case study background The client adviser of a Swiss private bank transferred approximately USD 1 million
More information'Namgis First Nation. 1.0 Overview. 2.0 Purpose. 3.0 Scope. 4.0 Policy
Created: 2/18/2011 Page 1 of 8 'Namgis First Nation is hereinafter referred to as "the government." 1.0 Overview Though there are a number of reasons to provide a user network access, by far the most common
More informationCase Study: Mobile Device Forensics in Texting and Driving Cases
Case Study: Mobile Device Forensics in Texting and Driving Cases Company Profile McCann Investigations is a full service private investigation firm providing complete case solutions by employing cutting-edge
More informationCase Study: Hiring a licensed Security Provider
Case Study: Hiring a licensed Security Provider Company Profile McCann Investigations is a full service private investigation firm providing complete case solutions by employing cutting-edge computer forensics
More informationCREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy
CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE
More informationCertified Digital Forensics Examiner
Certified Digital Forensics Examiner Course Name: CDFE V6.0 Duration: Language: 5 days English Format: Instructor-led (Lecture and Lab) Prerequisite: Experience in using a computer Student Materials: Student
More informationPreservation and Production of Electronic Records
Policy No: 3008 Title of Policy: Preservation and Production of Electronic Records Applies to (check all that apply): Faculty Staff Students Division/Department College _X Topic/Issue: This policy enforces
More informationCertified Digital Forensics Examiner
Certified Digital Forensics Examiner Course Name: CDFE V6.0 Duration: Language: 5 days English Format: Instructor-led (Lecture and Lab) Prerequisite: Experience in using a computer Student Materials: Student
More informationCITY UNIVERSITY OF HONG KONG. Information Classification and
CITY UNIVERSITY OF HONG KONG Handling Standard (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification
More informationTo Catch a Thief: Computer Forensics in the Classroom
To Catch a Thief: Computer Forensics in the Classroom Anna Carlin acarlin@csupomona.edu Steven S. Curl scurl@csupomona.edu Daniel Manson dmanson@csupomona.edu Computer Information Systems Department California
More informationPRIVACY IMPACT ASSESSMENT
PRIVACY IMPACT ASSESSMENT Outsourced Litigation Support Services September 2013 FDIC External Service Table of Contents System Overview Personally Identifiable Information (PII) in OLSS Purpose & Use of
More information"This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure
ICPAK ANNUAL FORENSIC AUDIT CONFERENCE Digital Forensics in Fraud & Corruption Investigations 9 October 2014 Leisure Lodge Hotel, Diani Kenya Faith Basiye, CFE Head Group Forensic Services KCB Banking
More informationHow To Protect The Time System From Being Hacked
WISCONSIN TIME SYSTEM Training Materials TIME SYSTEM SECURITY AWARENESS HANDOUT Revised 11/21/13 2014 Security Awareness Handout All System Security The TIME/NCIC Systems are criminal justice computer
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationCERTIFIED DIGITAL FORENSICS EXAMINER
CERTIFIED DIGITAL FORENSICS EXAMINER KEY DATA Course Title: C)DFE Duration: 5 days CPE Credits: 40 Class Format Options: Instructor-led classroom Live Online Training Computer Based Training Who Should
More informationINFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies
INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies REMOVABLE MEDIA: NSW MoH are currently undergoing review with a state-wide working party developing the Draft NSW
More informationTenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014
Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology
More informationCONCEPT MAPPING FOR DIGITAL FORENSIC INVESTIGATIONS
Chapter 22 CONCEPT MAPPING FOR DIGITAL FORENSIC INVESTIGATIONS April Tanner and David Dampier Abstract Research in digital forensics has yet to focus on modeling case domain information involved in investigations.
More informationIncident Response and Forensics
Incident Response and Forensics Yiman Jiang, President and Principle Consultant Sumus Technology Ltd. James Crooks, Manager - Advisory Services PricewaterhouseCoopers LLP UBC 2007-04-12 Outline Computer
More information2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd.
Acquisition and Tools COMP 2555: Principles of Computer Forensics Autumn 2014 http://www.cs.du.edu/2555 1 Planning Your Investigation! A basic investigation plan should include the following activities:!
More informationComputer Forensic Capabilities
Computer Forensic Capabilities Agenda What is computer forensics? Where to find computer evidence Forensic imaging Forensic analysis What is Computer Forensics? The preservation, identification, extraction,
More informationHow To Get A Computer Hacking Program
CHFI v8(computer Hacking Forensics Investigator) Course Description & Overview Overview CHFIv8 Course Description EC-Council releases the brand new Version 8 of the Computer Hacking Forensics Investigator
More informationMassachusetts Digital Evidence Consortium. Digital Evidence Guide for First Responders
Massachusetts Digital Evidence Consortium Digital Evidence Guide for First Responders May 2015 Digital Evidence Guide for First Responders - MDEC A Note to the Reader There are an unlimited number of legal
More informationSensitive Incident Investigations. Digital Risk Management. Forensics Testing.
Sensitive Incident Investigations. Digital Risk Management. Forensics Testing. 2009 Innovation Award Winner Austin Chamber of Commerce 2010 Innovation Award Finalist Austin Chamber of Commerce Only private
More informationPRIVACY IMPACT ASSESSMENT
PRIVACY IMPACT ASSESSMENT Deloitte Forensic Data Capture Services January 2013 FDIC External Service Table of Contents System Overview Personally Identifiable Information (PII) in Deloitte Purpose & Use
More informationDiscovery of Electronically Stored Information ECBA conference Tallinn October 2012
Discovery of Electronically Stored Information ECBA conference Tallinn October 2012 Jan Balatka, Deloitte Czech Republic, Analytic & Forensic Technology unit Agenda Introduction ediscovery investigation
More informationDigital and Cloud Forensics
Digital and Cloud Forensics Stavros Simou Cultural Informatics Laboratory, Department of Cultural Technology and Communication, University of the Aegean, University Hill, GR 81100 Mytilene, Greece ssimou@aegean.gr
More informationHIPAA Awareness Training
New York State Office of Mental Health Bureau of Education and Workforce Development HIPAA Awareness Training This training material was prepared for internal use by the New York State Office of Mental
More informationLitigation Hold Notices & Electronic Discovery A R E S O U R C E F O R W S U E M P L OY E E S
Litigation Hold Notices & Electronic Discovery A R E S O U R C E F O R W S U E M P L OY E E S What is a Litigation Hold Notice? Notice from an authorized department (e.g., Attorney General s Office Torts
More informationCSN08101 Digital Forensics. Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak
CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Digital Forensics You will learn in this module: The principals of computer
More informationCloud Forensics. 175 Lakeside Ave, Room 300A Phone: 802/865-5744 Fax: 802/865-6446 http://www.lcdi.champlin.edu
Cloud Forensics Written & Researched by: Maegan Katz & Ryan Montelbano 175 Lakeside Ave, Room 300A Phone: 802/865-5744 Fax: 802/865-6446 http://www.lcdi.champlin.edu November 4, 2013 Disclaimer: This document
More informationAsheboro City Schools 1:1 Laptop Handbook for Elementary and Middle Schools
Asheboro City Schools 1:1 Laptop Handbook for Elementary and Middle Schools Students should use technology and the Internet in an appropriate manner. Technology is an integral part of a student s educational
More informationWhite Paper Automated Digital Evidence Collection and Publishing: Reduce Investigation Time and Costs May 2011
White Paper Automated Digital Evidence Collection and Publishing: Reduce Investigation Time and Costs May 2011 FBI 2009 Report: 1,756 terabytes of data processed 58,609 pieces of digital media 21,810 CDs
More informationHIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as
HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as required by HIPAA. 1. Definitions. a. Business Associate, as used in this Contract, means the
More informationDesign and Implementation of Digital Forensics Labs:
Design and Implementation of Digital Forensics Labs: A Case Study for Teaching Digital Forensics to Undergraduate Students Hongmei Chi, Christy Chatmon, Edward Jones, and Deidre Evans Computer and Information
More informationIAPE STANDARDS SECTION 16 DIGITAL EVIDENCE
IAPE STANDARDS SECTION 16 DIGITAL EVIDENCE IAPE STANDARD SECTION 16.1 DIGITAL EVIDENCE Standard: Digital evidence is a critical element of modern criminal investigation that should be maintained in strict
More informationValmeyer Community Unit School District #3 Acceptable Use Of Computers and Networks
Valmeyer Community Unit School District #3 Acceptable Use Of Computers and Networks The Valmeyer Community Unit School District #3 Board of Education supports the use of the Internet and other computer
More informationHow did Wiki Leaks happen?
How did Wiki Leaks happen? A disgruntled employee with an agenda goes to work with USB flash drives and copies restricted files off of the server. There is no adequate secure network access and identity
More informationGetting Physical with the Digital Investigation Process
Getting Physical with the Digital Investigation Process Brian Carrier Eugene H. Spafford Center for Education and Research in Information Assurance and Security CERIAS Purdue University Abstract In this
More informationSecureAge SecureDs Data Breach Prevention Solution
SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal
More informationA Websense White Paper Websense CloudMerge Ingestion Service
A Websense White Paper Websense CloudMerge Ingestion Service Table of Contents Introduction... 3 Legacy Data...... 3 Chain of Custody...... 3 Websense Data Import Process.... 4 Top Nine Things to Know
More informationCounty Identity Theft Prevention Program
INTRODUCTION CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM The Osceola County Board of County Commissioners is committed to protecting consumers who do business with Osceola County, and as such
More informationBOR 6432 Cybersecurity and the Constitution. Course Bibliography and Required Readings:
BOR 6432 Cybersecurity and the Constitution Course Description This course examines the scope of cybercrime and its impact on today s system of criminal justice. Topics to be studied include: cybercrime
More informationEnCase Portable. Extend Your Forensic Reach with Powerful Triage & Data Collection
GUIDANCE SOFTWARE EnCase Portable EnCase Portable Extend Your Forensic Reach with Powerful Triage & Data Collection GUIDANCE SOFTWARE EnCase Portable EnCase Portable Triage and Collect with EnCase Portable
More informationJournal of Digital Forensic Practice
Journal of Digital Forensic Practice Journal of Digital Forensic Practice, 2:57 61, 2008 Copyright Taylor & Francis Group, LLC ISSN: 1556-7281 print / 1556-7346 online DOI: 10.1080/15567280801958464 UDFP
More informationGuidelines on Digital Forensic Procedures for OLAF Staff
Ref. Ares(2013)3769761-19/12/2013 Guidelines on Digital Forensic Procedures for OLAF Staff 1 January 2014 Introduction The OLAF Guidelines on Digital Forensic Procedures are internal rules which are to
More informationScientific Working Group on Digital Evidence
Disclaimer: As a condition to the use of this document and the information contained therein, the SWGDE requests notification by e-mail before or contemporaneous to the introduction of this document, or
More informationINFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL
INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information
More informationPROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs
PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs The Identity Theft and Fraud Protection Act (Act No. 190) allows for the collection, use
More informationValmeyer Community Unit School District #3 Acceptable Use Of Computers and Networks
Valmeyer Community Unit School District #3 Acceptable Use Of Computers and Networks The Valmeyer Community Unit School District #3 Board of Education supports the use of the Internet and other computer
More informationPRIVACY IMPACT ASSESSMENT
PRIVACY IMPACT ASSESSMENT Electronic Litigation Support System June 2012 FDIC Internal System Table of Contents System Overview Personally Identifiable Information (PII) in ELS Purpose & Use of Information
More informationService Monitoring Discrimination. Prohibited Uses and Activities Spamming Intellectual Property Violations 5
WIN reserves the right to prioritize traffic based on real time and non-real time applications during heavy congestion periods, based on generally accepted technical measures. WIN sets speed thresholds
More informationInformation Security and Electronic Communications Acceptable Use Policy (AUP)
Policy No.: AUP v2.0 Effective Date: August 16, 2004 Revision Date: January 17, 2013 Revision No.: 1 Approval jwv / mkb Information Security and Electronic Communications (AUP) 1. INTRODUCTION Southwestern
More informationAppropriate Use Policy Technology & Information
CLACKAMAS COUNTY EMPLOYMENT POLICY & PRACTICE (EPP) EPP # 59 Implemented: 05/20/10 Clerical Update: Appropriate Use Policy Technology & Information PURPOSE: To establish rules governing use of County information
More informationCHAPTER 18 CYBER CRIMES
CHAPTER 18 CYBER CRIMES 18.1 With increased use of computers in homes and offices, there has been a proliferation of computer-related crimes. These crimes include: Crimes committed by using computers as
More informationScene of the Cybercrime Second Edition. Michael Cross
Scene of the Cybercrime Second Edition Michael Cross Chapter 1 Facing the Cybercrime Problem Head-On 1 Introduction 2 Defining Cybercrime 2 Understanding the Importance of Jurisdictional Issues 3 Quantifying
More informationUsing Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4
WHITEPAPER Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 An in-depth look at Payment Card Industry Data Security Standard Requirements 10, 11,
More information